Usable Security for Developers

Europe RIG project

This project focuses on cryptographic APIs with respect to their developer usability. Such APIs are notoriously complex and prone to usage errors – our goal is to analyze their (in)correct usage and propose precautions and guidelines to achieve better usability and security.

Security, Privacy Cryptography

Enterprise IT is not structured to have the time and money to invest in far-reaching and forward-looking security threats and solutions. Academic and government research in these areas thrive, but does not easily find its way into industry. Red Hat’s open source approach allows researchers to share their work immediately and have it reviewed by thousands of security experts. This review further hardens the work and allows it to be put to use more quickly and more broadly so research and inventions in cryptography, privacy and cybersecurity have immediate impact.

Projects

ProjectSummaryResearch AreaRIGUniversitieshf:tax:righf:tax:partner_university
ICOS: IoT2cloud Operating SystemICOSThe ICOS project aims at covering the set of challenges coming up when addressing this continuum paradigm, proposing an approach embedding a well-defined set of functionalities, ending up in the definition of an IoT2cloud Operating System (ICOS)., , , , brnonational-and-kapodistrian-university-of-athens technische-universitat-braunschweig universitat-politecnica-de-catalunya-upc
Securing satellite communications with in-network computingThis project aims to design, implement and evaluate a system to enhance the security and privacy of emerging satellite communications infrastructure using in-network computing and software-defined networking.brnouniversity-of-oxford
Disinformation Detection at ScaleThe increased prevalence of fake and manipulated visual media on the Internet has led to social and technical dilemmas in …, , greater-bostonunicamp-universidade-estadual-de-campinas university-of-notre-dame
Creating a global open research platform to better understand social sustainability using data from a real-life smart villageIn this project, a team of BU faculty will team up with Red Hat researchers and with SmartaByar, an organization …, , greater-bostonboston-university
Privacy-Preserving Cloud Computing using Homomorphic EncryptionIn today’s data-driven world, a large amount of data is collected by billions of devices (cell phones, autonomous cars, handheld …, , greater-bostonboston-university
Symbiotes: A New step in Linux’s EvolutionThis work explores how a new kind of software entity, a symbiotie, might bridge this gap. By adding the ability for application software to shed the boundary that separates it from the OS kernel it is free to integrate, modify and evolve in to a hybrid that is both application and OS., greater-bostonboston-university
Secure cross-site analytics on OpenShift logsThe project aims to explore whether cryptographically secure Multi-Party Computation, or MPC for short, can be used to perform secure cross-site analytics on OpenShift logs with minimum client participation., , greater-bostonboston-university
Are Adversarial Attacks a Viable Solution to Individual Privacy?Users of online services today must trust platforms with their personal data. Platforms can choose to enable privacy by default …greater-bostonboston-university
Secured API in Hybrid CloudRecently we see many companies that are moving their data from local data centers to public-managed clouds. But with these movements, some questions raise up.tel-avivariel-university
Side-channel attacks on embedded devices and smartcardsThis project focuses on several aspects of side-channel attacks on embedded devices and smartcards, utilizing timing, power-analysis and other side-channels. …brnomasaryk-university
Mining issued Common Criteria and FIPS140-2 certificatesThe security certification reports might be long but is also a trove of publicly available data about otherwise proprietary devices …brnomasaryk-university
Verifying constant-time cryptographic algorithm implementationsThe aim of this project is to verify the timing side-channel resistance of cryptographic implementations. The project focuses on the constant time (and constant memory access) generic cryptographic implementations of selected cryptographic algorithms. Tbrnomasaryk-university
Trusted Computing EcosystemThe project aims to study the TPM ecosystem as currently exists in deployed devices and software applications using it, establish the types of chips and their properties one can encounter, investigate the state of patching of known vulnerabilities like ROCA against Infineon’s TPM (CVE-2017-15361) or TPMFail against Intel’s fTPM (CVE-2019-11090) and STM’s TPM (CVE-2019-16863) and analyze a reliability of stored integrity measurements (PCRs) for remote attestation and disk encryption uses.brnomasaryk-university
Improving Full Disk EncryptionThe primary focus of this project is also data integrity protection, either in combination with encryption (authentication encryption) or standalone using dm-integrity and dm-verity kernel driver.brnomasaryk-university
Accelerating Microarchitectural Security ResearchWe are working on processes and tooling to lower the barrier to entry into the field and accelerate attack research and mitigation across academia and industry.brnotu-graz
Authentication in public open-source repositoriesThis project focuses on user authentication in public repositories containing open-source projects, which are then used by commercial companies (e.g. Red Hat) as a source for their internally maintained repositories.brnomasaryk-university
OpenInfra LabsOpenInfra Labs is an OpenStack Foundation project connecting open source projects to production to advance open source infrastructure. The project …, , , , , , boston-university northeastern-university umass-amherst
Elastic Secure InfrastructureThis project encompasses work in several areas to design, build and evaluate secure bare-metal elastic infrastructure for data centers., , greater-bostonboston-university
Open Cloud TestbedThe Open Cloud Testbed project will build and support a testbed for research and experimentation into new cloud platforms – the underlying software which provides cloud services to applications. Testbeds such as OCT are critical for enabling research into new cloud technologies – research that requires experiments which potentially change the operation of the cloud itself., , , , , , greater-bostonboston-university northeastern-university umass-amherst
Implementing Secure Multi-Party ComputingSecure Multiparty Computation (MPC) is a cryptographic primitive that allows several parties to jointly and privately compute desired functions over secret data. Building and deploying practical MPC applications faces several obstacles, including performance overhead, complicated deployment and setup procedures, and adoption of MPC protocols into modern software stacks. MPC applications expose trade-offs between efficiency and privacy that may be hard to reason about, formally characterize, and encode in a protocol design or implementation., greater-bostonboston-university
Usable Security for DevelopersThis project focuses on the cryptographic APIs with respect to their developer usability. Such APIs are notoriously complex and prone to usage errors – our goal is to analyze their (in)correct usage and propose precautions and guidelines to achieve better usability and security.brnomasaryk-university
Fuzzing Device Emulation in QEMUHypervisors—the software that allows a computer to simulate multiple virtual computers—form the backbone of cloud computing. Because they are both ubiquitous and essential, they are security-critical applications that make attractive targets for potential attackers., , greater-bostonboston-university